<?php
//ADD THE POSTED DATA TO THE DATABASE UNDER THE CURRENT SESSION USER ID
// Defaults for the form fields and the status messages, so every variable is
// defined even when the page is loaded without a POST.
$fcomid = $fmemid = $famount = $ffor = $fdate = $fdepwith = $fcomments = "";
$errorMessage = $notification = "";

// Row counter; nothing in the visible part of this script reads it.
$num_rows = 0;

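/**
 * Prepare a single value for direct interpolation into a MySQL statement.
 *
 * Plain decimal numbers are returned unchanged. Every other value is escaped
 * with mysql_real_escape_string() for the given connection and wrapped in
 * single quotes.
 *
 * The numeric test is deliberately stricter than is_numeric(): on the PHP 5
 * runtimes that still ship ext/mysql, is_numeric() also accepts hexadecimal
 * ("0x...") and exponent notation. Emitting such input unquoted makes the
 * server evaluate it as a literal instead of storing the submitted text, so
 * it bypasses the escaping done here. Those forms are now quoted like any
 * other string.
 *
 * @param mixed    $value  Value to embed in the statement.
 * @param resource $handle Open ext/mysql link; its character set drives the escaping.
 * @return mixed The unchanged number, or an escaped and single-quoted string.
 */
function quote_smart($value, $handle) {

    // Undo magic-quotes escaping first, otherwise the value is escaped twice.
    // The function_exists() guard only keeps this loadable where the
    // long-deprecated magic-quotes API is absent.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }

    // Native numbers cannot carry SQL metacharacters.
    if (is_int($value) || (is_float($value) && is_finite($value))) {
        return $value;
    }

    // Only an optionally signed plain decimal may stay unquoted. \A and \z
    // anchor the whole string, so a trailing newline is not tolerated.
    if (is_string($value) && preg_match('/\A[+-]?(?:\d+(?:\.\d+)?|\.\d+)\z/', $value) === 1) {
        return $value;
    }

    return "'" . mysql_real_escape_string($value, $handle) . "'";
}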

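// Handle a submitted petty-cash entry: validate the posted fields, insert a
// row into pettyapp_log and, only if that insert succeeded, adjust the
// company's running balance.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {

	// NOTE(review): this request changes a company balance, yet no anti-CSRF
	// token is checked anywhere in this block - confirm the including page
	// validates one before this code runs.
	// NOTE(review): ext/mysql (mysql_connect, mysql_query, ...) was removed in
	// PHP 7.0. Moving to mysqli or PDO prepared statements is the durable fix;
	// it is not done in this block because quote_smart() in this file is tied
	// to the ext/mysql link.

	//====================================================================
	//	Collect the input
	//====================================================================
	// Company and member ids come from the session only, never from the request.
	$fcomid = isset($_SESSION['comid']) ? $_SESSION['comid'] : '';
	$fmemid = isset($_SESSION['memid']) ? $_SESSION['memid'] : '';

	// Missing or non-string fields (for example amount[]=...) are treated as
	// empty instead of raising notices or reaching htmlspecialchars() as arrays.
	$famount = (isset($_POST['amount']) && is_string($_POST['amount'])) ? trim($_POST['amount']) : '';
	$ffor = (isset($_POST['for']) && is_string($_POST['for'])) ? $_POST['for'] : '';
	$fdepwith = (isset($_POST['depwith']) && is_string($_POST['depwith'])) ? $_POST['depwith'] : '';
	$fcomments = (isset($_POST['comments']) && is_string($_POST['comments'])) ? $_POST['comments'] : '';

	// tdate is still read from $_REQUEST, so it may also arrive through the
	// query string. strtotime() yields an integer timestamp or false.
	$htmldate = (isset($_REQUEST['tdate']) && is_string($_REQUEST['tdate'])) ? $_REQUEST['tdate'] : '';
	$fdate = strtotime($htmldate);

	//====================================================================
	//	Validate before anything touches the database
	//====================================================================
	// The amount is interpolated into arithmetic SQL (curbal + amount), so it
	// must be a plain decimal. An unparsable date used to produce a broken
	// INSERT while the balance UPDATE still ran.
	$amountOk = preg_match('/\A[+-]?(?:\d+(?:\.\d+)?|\.\d+)\z/', $famount) === 1;

	if ((string)$fcomid === '' || (string)$fmemid === '' || !$amountOk || $fdate === false) {
		$errorMessage = "<h4 align=\"center\" style=\"color:#0C0\">An error occurred</h4>";
	}

	// Withdrawals and loans are always stored as negative amounts.
	// NOTE(review): the full set of allowed depwith values is not visible
	// here; consider rejecting anything outside that set.
	if ($amountOk && ($fdepwith === 'withdraw' || $fdepwith === 'loan')) {
		$famount = -1 * abs($famount);
	}

	// Text is HTML-encoded before storage, as before, so existing rows and new
	// rows stay in the same format. This is not a SQL defence, and on PHP 5 the
	// default flags leave single quotes unencoded - pages that print these
	// columns should still encode for their output context.
	$fcomid = htmlspecialchars($fcomid);
	$ffor = htmlspecialchars($ffor);
	$fdepwith = htmlspecialchars($fdepwith);
	$fcomments = htmlspecialchars($fcomments);

	//====================================================================
	//	Write to the database
	//====================================================================
	if ($errorMessage == "") {

		require 'config.php';

		$db_handle = mysql_connect($server, $user_name, $pass_word);
		// Do not hand a failed connection to mysql_select_db().
		$db_found = $db_handle ? mysql_select_db($database, $db_handle) : false;

		if ($db_found) {

			// Every string that reaches the SQL text goes through quote_smart(),
			// including the member id, which used to be interpolated raw.
			// $famount and $fdate are already a validated decimal and an integer.
			$fcomid = quote_smart($fcomid, $db_handle);
			$fmemid = quote_smart($fmemid, $db_handle);
			$ffor = quote_smart($ffor, $db_handle);
			$fdepwith = quote_smart($fdepwith, $db_handle);
			$fcomments = quote_smart($fcomments, $db_handle);

			$sql2 = "INSERT INTO pettyapp_log (id, comid, amount, dfor, tdate, pinout, comments, memid) VALUES (NULL, $fcomid, $famount, $ffor, $fdate, $fdepwith, $fcomments, $fmemid);";
			$result2 = mysql_query($sql2, $db_handle);

			if ($result2) {
				$fref = mysql_insert_id($db_handle);

				// Touch the balance only once the log row exists, so a failed
				// insert can no longer leave an unlogged balance change.
				// NOTE(review): insert and update are still not atomic, and a
				// failed update is not reported; wrap both in a transaction if
				// the tables' storage engine supports it.
				$sql3 = "UPDATE Company SET curbal = curbal + $famount WHERE id = $fcomid";
				$result3 = mysql_query($sql3, $db_handle);

				$notification = "<h4 align=\"center\" style=\"color:#0C0\">Log has been captured</h4><h4 align=\"center\" style=\"color:#0C0\">Reff: ".$fref."</h4>";
			}
			else {
				// The closing tag was previously left unterminated ("</h4").
				$notification = "<h4 align=\"center\" style=\"color:#F00\">Log has not been captured</h4>";
			}

			mysql_close($db_handle);
		}
		else {
			$errorMessage = "<h4 align=\"center\" style=\"color:#0C0\">Database not found</h4>";
		}
	}
}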




?>